Total: 29869 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2003-0060 | 1 Mit | 1 Kerberos 5 | 2025-04-03 | 7.5 HIGH | N/A | Format string vulnerabilities in the logging routines for MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in Kerberos principal names. |
| CVE-2006-0513 | 1 Ibm | 1 Tivoli Access Manager For E-business | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in pkmslogout in Tivoli Web Server Plug-in 5.1.0.10 in Tivoli Access Manager (TAM) 5.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter. |
| CVE-2005-3719 | 1 Hitachi | 1 Ip5000 Voip Wifi Phone | 2025-04-03 | 4.6 MEDIUM | N/A | Hitachi IP5000 VOIP WIFI Phone 1.5.6 has a hard-coded administrator password of "0000", which allows attackers with physical access to obtain sensitive information and modify the phone's configuration. |
| CVE-2006-3174 | 1 Squirrelmail | 1 Squirrelmail | 2025-04-03 | 2.6 LOW | N/A | Cross-site scripting (XSS) vulnerability in search.php in SquirrelMail 1.5.1 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary HTML via the mailbox parameter. |
| CVE-2005-4579 | 1 Hitachi | 1 Business Logic | 2025-04-03 | 5.0 MEDIUM | N/A | Multiple HTTP response splitting vulnerabilities in Hitachi Business Logic - Container (BLC) P-2443-9114 01-00 through 02-06 on Windows, and P-1M43-9111 01-01 through 02-00 on AIX, allow remote attackers to inject arbitrary HTTP headers via unknown attack vectors in an unspecified input form. |
| CVE-2002-0214 | 1 Intel | 1 Intel Pro Wireless 2011b Lan Usb Device Driver | 2025-04-03 | 2.1 LOW | N/A | Compaq Intel PRO/Wireless 2011B LAN USB Device Driver 1.5.16.0 through 1.5.18.0 stores the 128-bit WEP (Wired Equivalent Privacy) key in plaintext in a registry key with weak permissions, which allows local users to decrypt network traffic by reading the WEP key from the registry key. |
| CVE-2006-1443 | 1 Apple | 1 Mac Os X | 2025-04-03 | 6.5 MEDIUM | N/A | Integer underflow in CoreFoundation in Apple Mac OS X 10.3.9 and 10.4.6 allows context-dependent attackers to execute arbitrary code via unspecified vectors involving conversions from string to file system representation within (1) CFStringGetFileSystemRepresentation or (2) getFileSystemRepresentation:maxLength:withPath in NSFileManager, and possibly other similar API functions. |
| CVE-2005-1903 | 1 E-post Corporation | 1 Spa-pro Mail Atsolomon | 2025-04-03 | 2.1 LOW | N/A | Buffer overflow in the IMAP service for SPA-PRO Mail @Solomon 4.00 allows remote authenticated users to execute arbitrary code via a long CREATE command. |
| CVE-2005-4256 | 1 Asp-dev | 1 Xm Forum | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in forum.asp in ASP-DEV XM Forum RC3 allows remote attackers to inject arbitrary web script or HTML via the forum_title parameter. NOTE: the provenance of this issue is unknown; the details are obtained solely from the BID. In addition, its accuracy is in question because "forum_title" does not appear to be specified in the source code for XM Forum RC3. It is possible, but not certain, that this is CVE-2004-2211. |
| CVE-2004-2253 | 1 Netwin | 1 Surgeldap | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in user.cgi in SurgeLDAP 1.0g and earlier allows remote attackers to read arbitrary files via a .. in the page parameter of the show command. |
| CVE-2005-4516 | 1 Php Fusion | 1 Php Fusion | 2025-04-03 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in PHP-Fusion 6.00.200 through 6.00.300 allow remote attackers to inject arbitrary web script or HTML via (1) the sortby parameter in members.php and (2) IMG tags. |
| CVE-1999-1344 | 1 Auto Ftp | 1 Auto Ftp | 2025-04-03 | 7.5 HIGH | N/A | Auto_FTP.pl script in Auto_FTP 0.2 stores usernames and passwords in plaintext in the auto_ftp.conf configuration file. |
| CVE-1999-0459 | | | 2025-04-03 | 4.6 MEDIUM | N/A | Local users can perform a denial of service in Alpha Linux, using MILO to force a reboot. |
| CVE-1999-0786 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 4.6 MEDIUM | N/A | The dynamic linker in Solaris allows a local user to create arbitrary files via the LD_PROFILE environmental variable and a symlink attack. |
| CVE-2002-1986 | 1 Perception | 1 Liteserve | 2025-04-03 | 5.0 MEDIUM | N/A | Perception LiteServe 2.0 through 2.0.1 allows remote attackers to obtain the source code of CGI scripts via an HTTP request with a trailing dot ("."). |
| CVE-2000-0927 | 1 Wquinn | 1 Quotaadvisor | 2025-04-03 | 4.6 MEDIUM | N/A | WQuinn QuotaAdvisor 4.1 does not properly record file sizes if they are stored in alternative data streams, which allows users to bypass quota restrictions. |
| CVE-1999-0879 | 2 Bsdi, Caldera | 2 Bsd Os, Openlinux | 2025-04-03 | 10.0 HIGH | N/A | Buffer overflow in WU-FTPD and related FTP servers allows remote attackers to gain root privileges via macro variables in a message file. |
| CVE-2002-1362 | 1 Matthew Smith | 1 Micq | 2025-04-03 | 5.0 MEDIUM | N/A | mICQ 0.4.9 and earlier allows remote attackers to cause a denial of service (crash) via malformed ICQ message types without a 0xFE separator character. |
| CVE-2004-2018 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in index.php in Php-Nuke 6.x through 7.3 allows remote attackers to execute arbitrary PHP code by modifying the modpath parameter to reference a URL on a remote web server that contains the code. |
| CVE-2000-1121 | 1 Ibm | 1 Aix | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in enq command in IBM AIX 4.3.x and earlier may allow local users to execute arbitrary commands via a long -M argument. |
| CVE-2005-2505 | 1 Apple | 1 Mac Os X | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in CoreFoundation in Mac OS X 10.3.9 allows attackers to execute arbitrary code via command line arguments to an application that uses CoreFoundation. |
| CVE-2000-0113 | 1 Sybergen | 1 Sygate | 2025-04-03 | 7.5 HIGH | N/A | The SyGate Remote Management program does not properly restrict access to its administration service, which allows remote attackers to cause a denial of service, or access network traffic statistics. |
| CVE-2000-0253 | 1 Craig Dansie | 1 Dansie Shopping Cart | 2025-04-03 | 10.0 HIGH | N/A | The dansie shopping cart application cart.pl allows remote attackers to modify sensitive purchase information via hidden form fields. |
| CVE-2001-1136 | 1 Hp | 1 Hp-ux | 2025-04-03 | 2.1 LOW | N/A | The libsecurity library in HP-UX 11.04 (VVOS) allows attackers to cause a denial of service. |
| CVE-2002-2063 | 1 Atguard | 1 Atguard Personal Firewall | 2025-04-03 | 7.5 HIGH | N/A | AtGuard 3.2 allows remote attackers to bypass firewall filters and execute prohibited programs by changing the filenames to permitted filenames. |
| CVE-2002-0325 | 1 Working Resources Inc. | 1 Badblue | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in BadBlue before 1.6.1 allows remote attackers to read arbitrary files via a ... (modified dot dot) in the URL. |
| CVE-2004-1402 | 1 Iwebnegar | 1 Iwebnegar | 2025-04-03 | 10.0 HIGH | N/A | SQL injection vulnerability in iWebNegar allows remote attackers to execute arbitrary SQL commands via (1) the string parameter for index.php, (2) comments.php, or (3) the administrator login page. |
| CVE-2001-1538 | 1 Speedxess | 1 Ha-120 Dsl Router | 2025-04-03 | 7.5 HIGH | N/A | SpeedXess HA-120 DSL router has a default administrative password of "speedxess", which allows remote attackers to gain access. |
| CVE-2005-2279 | 1 Cisco | 1 Ons 15216 Optical Add Drop Multiplexer Software | 2025-04-03 | 5.0 MEDIUM | N/A | Cisco ONS 15216 Optical Add/Drop Multiplexer (OADM) running firmware 2.2.2 and earlier allows remote attackers to cause a denial of service (management plane session loss) via crafted telnet data. |
| CVE-2000-1134 | 7 Caldera, Conectiva, Hp and 4 more | 9 Openlinux, Openlinux Edesktop, Openlinux Eserver and 6 more | 2025-04-03 | 7.2 HIGH | N/A | Multiple shell programs on various Unix systems, including (1) tcsh, (2) csh, (3) sh, and (4) bash, follow symlinks when processing << redirects (aka here-documents or in-here documents), which allows local users to overwrite files of other users via a symlink attack. |
| CVE-2006-0875 | 1 Runcms | 1 Runcms | 2025-04-03 | 5.0 MEDIUM | N/A | Cross-site scripting vulnerability in ratefile.php in RunCMS 1.3a5 allows remote attackers to inject arbitrary web script or HTML via the lid parameter. |
| CVE-2006-4978 | 1 Walter Beschmout | 1 Phpquiz | 2025-04-03 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in Walter Beschmout PhpQuiz 1.2 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the univers parameter in score.php and (2) the quiz_id parameter in home.php, accessed through the front/ URI. |
| CVE-2006-4957 | 1 The Myreview System | 1 Myreview | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in the GetMember function in functions.php in MyReview 1.9.4 allows remote attackers to execute arbitrary SQL commands via the email parameter to Admin.php. |
| CVE-1999-0153 | 2 Microsoft, Sco | 4 Windows 2000, Windows 95, Windows Nt and 1 more | 2025-04-03 | 5.0 MEDIUM | N/A | Windows 95/NT out of band (OOB) data denial of service through NETBIOS port, aka WinNuke. |
| CVE-2004-2308 | 1 Cpanel | 1 Cpanel | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in cPanel 9.1.0 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the dir parameter in dohtaccess.html. |
| CVE-2002-1159 | 1 Canna | 1 Canna | 2025-04-03 | 6.4 MEDIUM | N/A | Canna 3.6 and earlier does not properly validate requests, which allows remote attackers to cause a denial of service or information leak. |
| CVE-2006-0141 | 1 Eudora | 1 Internet Mail Server | 2025-04-03 | 5.0 MEDIUM | N/A | Qualcomm Eudora Internet Mail Server (EIMS) before 3.2.8 allows remote attackers to cause a denial of service (crash) via (1) malformed NTLM authentication requests, or a malformed (2) Incoming Mail X or (3) Temporary Mail file. |
| CVE-2000-0561 | 1 International Telecommunications | 1 International Telecommunications Webbbs | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in WebBBS 1.15 allows remote attackers to execute arbitrary commands via a long HTTP GET request. |
| CVE-2006-4370 | 1 Alt-n | 1 Webadmin | 2025-04-03 | 7.5 HIGH | N/A | Alt-N WebAdmin 3.2.3 and 3.2.4 running with MDaemon 9.0.5, and possibly earlier, allow remote authenticated domain administrators to change a global administrator's password and gain privileges via the userlist.wdm file. |
| CVE-2002-1454 | 1 Mywebserver | 1 Mywebserver | 2025-04-03 | 5.0 MEDIUM | N/A | MyWebServer 1.0.2 allows remote attackers to determine the absolute path of the web document root via a request for a directory that does not exist, which leaks the pathname in an error message. |